Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities

EDB-ID:

24169




Platform:

PHP

Date:

2004-06-04


source: https://www.securityfocus.com/bid/10463/info

CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.

Crafy Syntax Live Help 2.7.3 and prior versions are prone to these issues. 

window.location("http://www.cgisecurity.com/articles/xss-faq.shtml");
window.location("http://livehelp.someisp.com/livehelp/operators.php?remove=1")